Update to 9.0.71

Update to 9.0.70
Update to 9.0.68
2023-01-29 21:31:26 +08:00 · 2023-01-13 19:54:28 +08:00 · 2022-11-09 16:29:16 +08:00 · 2022-07-22 17:46:33 +08:00 · 2022-06-21 21:17:53 +08:00 · 2022-03-10 15:47:05 -05:00
9 changed files with 79 additions and 50 deletions
--- a/java-9-start-up-parameters.conf
+++ b/java-9-start-up-parameters.conf
@ -0,0 +1,7 @@
+# Add the JAVA 9 specific start-up parameters required by Tomcat
+JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=java.base/java.lang=ALL-UNNAMED"
+JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=java.base/java.io=ALL-UNNAMED"
+JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=java.base/java.util=ALL-UNNAMED"
+JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=java.base/java.util.concurrent=ALL-UNNAMED"
+JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED"
+export JDK_JAVA_OPTIONS
--- a/rhbz-1857043.patch
+++ b/rhbz-1857043.patch
@ -1,7 +1,7 @@
 diff -up ./build.xml.orig ./build.xml
 --- build.xml.orig	2021-07-07 10:53:55.493742841 +0800
 +++ build.xml	2021-07-07 11:09:43.107968515 +0800
-@@ -1030,7 +1030,7 @@
+@@ -1020,7 +1020,7 @@
       filesDir="${tomcat.classes}"
       filesId="files.annotations-api"
       manifest="${tomcat.manifests}/annotations-api.jar.manifest"
@ -10,7 +10,7 @@ diff -up ./build.xml.orig ./build.xml
 
     <!-- Servlet Implementation JAR File -->
     <jarIt jarfile="${servlet-api.jar}"
-@@ -1039,41 +1039,41 @@
+@@ -1029,41 +1029,41 @@
       manifest="${tomcat.manifests}/servlet-api.jar.manifest"
       notice="${tomcat.manifests}/servlet-api.jar.notice"
       license="${tomcat.manifests}/servlet-api.jar.license"
@ -58,7 +58,7 @@ diff -up ./build.xml.orig ./build.xml
 
     <!-- Bootstrap JAR File -->
     <jarIt jarfile="${bootstrap.jar}"
-@@ -1085,61 +1085,61 @@
+@@ -1075,61 +1075,61 @@
     <jarIt jarfile="${tomcat-util.jar}"
       filesDir="${tomcat.classes}"
       filesId="files.tomcat-util"
@ -130,7 +130,7 @@ diff -up ./build.xml.orig ./build.xml
 
     <!-- Catalina Ant Tasks JAR File -->
     <jarIt jarfile="${catalina-ant.jar}"
-@@ -1150,27 +1150,27 @@
+@@ -1140,27 +1140,27 @@
     <jarIt jarfile="${catalina-storeconfig.jar}"
       filesDir="${tomcat.classes}"
       filesId="files.catalina-storeconfig"
@ -162,7 +162,7 @@ diff -up ./build.xml.orig ./build.xml
 
     <!-- i18n JARs -->
     <jar jarfile="${tomcat.build}/lib/tomcat-i18n-cs.jar"
-@@ -1644,7 +1644,7 @@
+@@ -1620,7 +1620,7 @@
            filesId="files.tomcat-embed-core"
            notice="${tomcat.manifests}/servlet-api.jar.notice"
            license="${tomcat.manifests}/servlet-api.jar.license"
@ -171,7 +171,7 @@ diff -up ./build.xml.orig ./build.xml
            addGraal="true"
            graalPrefix="org.apache.tomcat.embed/tomcat-embed-core"
            graalFiles="res/graal/tomcat-embed-core/native-image"
-@@ -1652,7 +1652,7 @@
+@@ -1628,7 +1628,7 @@
     <jarIt jarfile="${tomcat-embed-el.jar}"
            filesDir="${tomcat.classes}"
            filesId="files.tomcat-embed-el"
@ -180,7 +180,7 @@ diff -up ./build.xml.orig ./build.xml
            addGraal="true"
            graalPrefix="org.apache.tomcat.embed/tomcat-embed-el"
            graalFiles="res/graal/tomcat-embed-el/native-image"
-@@ -1661,7 +1661,7 @@
+@@ -1637,7 +1637,7 @@
            filesDir="${tomcat.classes}"
            filesId="files.tomcat-embed-jasper"
            meta-inf="${tomcat.manifests}/jasper.jar"
@ -189,7 +189,7 @@ diff -up ./build.xml.orig ./build.xml
            addGraal="true"
            graalPrefix="org.apache.tomcat.embed/tomcat-embed-jasper"
            graalFiles="res/graal/tomcat-embed-jasper/native-image"
-@@ -1670,7 +1670,7 @@
+@@ -1646,7 +1646,7 @@
            filesDir="${tomcat.classes}"
            filesId="files.tomcat-embed-websocket"
            meta-inf="${tomcat.manifests}/tomcat-websocket.jar"
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (apache-tomcat-9.0.56-src.tar.gz) = 43332241fda149f9da107496cc6b812e38544c9043c567e3fe11ee01b5abfbd02b6a377c3f6090902048bd9dc67746cdc65d59f03bd0de68c05e0955bfe018c5
+SHA512 (apache-tomcat-9.0.71-src.tar.gz) = 0c62a5e526178e39c68717223ce2cb4a31096e5765b718639e4ba4bbf3d70ba28238cd1bb5cf74747f718b35baf98de32c7ee8a7ebd445c6191700070c1ca930
--- a/tomcat-9.0-JDTCompiler.patch
+++ b/tomcat-9.0-JDTCompiler.patch
@ -1,16 +1,17 @@
-diff -up ./java/org/apache/jasper/compiler/JDTCompiler.java.orig ./java/org/apache/jasper/compiler/JDTCompiler.java
--- java/org/apache/jasper/compiler/JDTCompiler.java.orig	2021-07-07 11:31:21.583507995 +0800
-+++ java/org/apache/jasper/compiler/JDTCompiler.java	2021-07-07 11:35:13.009251246 +0800
-@@ -310,7 +310,7 @@ public class JDTCompiler extends org.apa
+diff -up ./java/org/apache/jasper/compiler/JDTCompiler.java ./java/org/apache/jasper/compiler/JDTCompiler.java
+index 2e361f2..277d8f4 100644
+--- java/org/apache/jasper/compiler/JDTCompiler.java
+++ java/org/apache/jasper/compiler/JDTCompiler.java
+@@ -310,7 +310,7 @@ public class JDTCompiler extends org.apache.jasper.compiler.Compiler {
             } else if(opt.equals("15")) {
                 settings.put(CompilerOptions.OPTION_Source, CompilerOptions.VERSION_15);
             } else if(opt.equals("16")) {
 -                settings.put(CompilerOptions.OPTION_Source, CompilerOptions.VERSION_16);
 +                settings.put(CompilerOptions.OPTION_Source, "16");
             } else if(opt.equals("17")) {
-                 // Constant not available in latest ECJ version shipped with
-                 // Tomcat. May be supported in a snapshot build.
-@@ -372,8 +372,8 @@ public class JDTCompiler extends org.apa
+                 // Constant not available in latest ECJ version that runs on
+                 // Java 8.
+@@ -377,8 +377,8 @@ public class JDTCompiler extends org.apache.jasper.compiler.Compiler {
                 settings.put(CompilerOptions.OPTION_TargetPlatform, CompilerOptions.VERSION_15);
                 settings.put(CompilerOptions.OPTION_Compliance, CompilerOptions.VERSION_15);
             } else if(opt.equals("16")) {
@ -19,5 +20,5 @@ diff -up ./java/org/apache/jasper/compiler/JDTCompiler.java.orig ./java/org/apac
 +                settings.put(CompilerOptions.OPTION_TargetPlatform, "16");
 +                settings.put(CompilerOptions.OPTION_Compliance, "16");
             } else if(opt.equals("17")) {
-                 // Constant not available in latest ECJ version shipped with
-                 // Tomcat. May be supported in a snapshot build.
+                 // Constant not available in latest ECJ version that runs on
+                 // Java 8.
--- a/tomcat-9.0-bnd-annotation.patch
+++ b/tomcat-9.0-bnd-annotation.patch
@ -0,0 +1,10 @@
+--- build.xml.orig	2023-01-29 17:38:29.477052402 +0800
+++ build.xml	2023-01-29 17:42:03.369583841 +0800
+@@ -216,6 +216,7 @@
+   <!-- Classpaths -->
+   <path id="compile.classpath">
+     <pathelement location="${bnd.jar}"/>
+    <pathelement location="${bnd-annotation.jar}"/>
+     <pathelement location="${jdt.jar}"/>
+     <pathelement location="${jaxrpc-lib.jar}"/>
+     <pathelement location="${wsdl4j-lib.jar}"/>
--- a/tomcat-9.0-catalina-policy.patch
+++ b/tomcat-9.0-catalina-policy.patch
@ -1,6 +1,6 @@
--- conf/catalina.policy.orig	2021-07-07 10:25:53.461393329 +0800
-+++ conf/catalina.policy	2021-07-07 10:27:47.688682404 +0800
-@@ -56,6 +56,16 @@ grant codeBase "file:${java.home}/lib/ex
+--- conf/catalina.policy.orig	2022-11-04 16:17:41.227506990 +0800
+++ conf/catalina.policy	2022-11-04 16:21:51.393351415 +0800
+@@ -56,6 +56,15 @@ grant codeBase "file:${java.home}/lib/ex
 //        permission java.security.AllPermission;
 //};
 
@ -13,11 +13,10 @@
 +grant codeBase "file:/usr/share/java/ecj/ecj.jar" {
 +        permission java.security.AllPermission;
 +};
-+
 
 // ========== CATALINA CODE PERMISSIONS =======================================
 
-@@ -262,4 +272,4 @@ grant codeBase "file:${catalina.home}/we
+@@ -261,4 +270,4 @@ grant codeBase "file:${catalina.home}/we
 //
 // The permissions granted to a specific JAR
 // grant codeBase "war:file:${catalina.base}/webapps/examples.war*/WEB-INF/lib/foo.jar" {
--- a/tomcat-9.0-tomcat-users-webapp.patch
+++ b/tomcat-9.0-tomcat-users-webapp.patch
@ -1,6 +1,6 @@
 --- conf/tomcat-users.xml~	2008-01-28 17:41:06.000000000 -0500
 +++ conf/tomcat-users.xml	2008-03-07 19:40:07.000000000 -0500
-@@ -23,4 +23,14 @@
+@@ -53,4 +53,14 @@
   <user username="both" password="<must-be-changed>" roles="tomcat,role1"/>
   <user username="role1" password="<must-be-changed>" roles="role1"/>
 -->
--- a/tomcat-build.patch
+++ b/tomcat-build.patch
@ -1,18 +1,3 @@
-diff -up ./build.xml.orig ./build.xml
--- ./build.xml.orig	2020-07-13 12:59:09.555368724 -0400
-+++ ./build.xml	2020-07-13 13:06:51.246135917 -0400
-@@ -3307,6 +3307,11 @@ Read the Building page on the Apache Tom
-     <!-- Add bnd tasks to project -->
-     <path id="bnd.classpath">
-       <fileset file="${bnd.jar}" />
-+      <fileset file="${bndlib.jar}" />
-+      <fileset file="${bndlibg.jar}" />
-+      <fileset file="${bndannotation.jar}" />
-+      <fileset file="${slf4j-api.jar}" />
-+      <fileset file="${osgi-cmpn.jar}" />
-     </path>
- 
-     <taskdef resource="aQute/bnd/ant/taskdef.properties" classpathref="bnd.classpath" />
 diff -up ./res/bnd/build-defaults.bnd.orig ./res/bnd/build-defaults.bnd
 --- ./res/bnd/build-defaults.bnd.orig	2020-07-13 13:47:01.229077747 -0400
 +++ ./res/bnd/build-defaults.bnd	2020-07-13 13:47:12.923095618 -0400
--- a/tomcat.spec
+++ b/tomcat.spec
@ -31,7 +31,7 @@
 %global jspspec 2.3
 %global major_version 9
 %global minor_version 0
-%global micro_version 56
+%global micro_version 71
 %global packdname apache-tomcat-%{version}-src
 %global servletspec 4.0
 %global elspec 3.0
@ -56,7 +56,7 @@
 Name:          tomcat
 Epoch:         1
 Version:       %{major_version}.%{minor_version}.%{micro_version}
-Release:       3%{?dist}
+Release:       1%{?dist}
 Summary:       Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API

 License:       ASL 2.0
@ -73,6 +73,7 @@ Source21:      tomcat-functions
 Source30:      tomcat-preamble
 Source31:      tomcat-server
 Source32:      tomcat-named.service
+Source33:      java-9-start-up-parameters.conf

 Patch0:        %{name}-%{major_version}.%{minor_version}-bootstrap-MANIFEST.MF.patch
 Patch1:        %{name}-%{major_version}.%{minor_version}-tomcat-users-webapp.patch
@ -80,6 +81,7 @@ Patch2:        %{name}-build.patch
 Patch3:        %{name}-%{major_version}.%{minor_version}-catalina-policy.patch
 Patch4:        rhbz-1857043.patch
 Patch5:        %{name}-%{major_version}.%{minor_version}-JDTCompiler.patch
+Patch6:        %{name}-%{major_version}.%{minor_version}-bnd-annotation.patch

 BuildArch:     noarch

@ -90,12 +92,10 @@ BuildRequires: java-devel >= 1:1.8.0
 BuildRequires: javapackages-local
 BuildRequires: aqute-bnd
 BuildRequires: aqute-bndlib
-BuildRequires: wsdl4j
 BuildRequires: systemd

 Requires:      java-headless >= 1:1.8.0
 Requires:      javapackages-tools
-Requires:      procps
 Requires:      %{name}-lib = %{epoch}:%{version}-%{release}
 %if 0%{?fedora} || 0%{?rhel} > 7
 Recommends:    tomcat-native >= %{native_version}
@ -190,6 +190,7 @@ find . -type f \( -name "*.bat" -o -name "*.class" -o -name Thumbs.db -o -name "
 %patch3 -p0
 %patch4 -p0
 %patch5 -p0
+%patch6 -p0

 # Remove webservices naming resources as it's generally unused
 %{__rm} -rf java/org/apache/naming/factory/webservices
@ -220,14 +221,9 @@ touch HACK
  -Dcommons-daemon.native.win.mgr.exe="HACK" \
  -Dnsis.exe="HACK" \
  -Djaxrpc-lib.jar="HACK" \
-  -Dwsdl4j-lib.jar="$(build-classpath wsdl4j)" \
+  -Dwsdl4j-lib.jar="HACK" \
  -Dbnd.jar="$(build-classpath aqute-bnd/biz.aQute.bnd)" \
-  -Dbndlib.jar="$(build-classpath aqute-bnd/biz.aQute.bndlib)" \
-  -Dbndlibg.jar="$(build-classpath aqute-bnd/aQute.libg)" \
-  -Dbndannotation.jar="$(build-classpath aqute-bnd/biz.aQute.bnd.annotation)" \
-  -Dosgi-annotations.jar="$(build-classpath aqute-bnd/biz.aQute.bnd.annotation)" \
-  -Dslf4j-api.jar="$(build-classpath slf4j/slf4j-api)" \
-  -Dosgi-cmpn.jar="$(build-classpath osgi-compendium/osgi.cmpn)" \
+  -Dbnd-annotation.jar="$(build-classpath aqute-bnd/biz.aQute.bnd.annotation)" \
  -Dversion="%{version}" \
  -Dversion.build="%{micro_version}" \
  deploy
@ -302,6 +298,8 @@ popd
 %{__install} -m 0644 %{SOURCE32} \
    ${RPM_BUILD_ROOT}%{_unitdir}/%{name}@.service

+%{__install} -m 0644 %{SOURCE33} ${RPM_BUILD_ROOT}%{confdir}/conf.d/
+
 # Substitute libnames in catalina-tasks.xml
 sed -i \
   "s,el-api.jar,%{name}-el-%{elspec}-api.jar,;
@ -441,6 +439,7 @@ fi
 %attr(0775,root,tomcat) %dir %{confdir}/Catalina/localhost
 %attr(0755,root,tomcat) %dir %{confdir}/conf.d
 %{confdir}/conf.d/README
+%{confdir}/conf.d/java-9-start-up-parameters.conf
 %config(noreplace) %{confdir}/%{name}.conf
 %config(noreplace) %{confdir}/*.policy
 %config(noreplace) %{confdir}/*.properties
@ -496,6 +495,34 @@ fi
 %{appdir}/ROOT

 %changelog
+* Sun Jan 29 2023 Hui Wang <huwang@redhat.com> - 1:9.0.71-1
+- Update to 9.0.71
+- Remove osgi-annotations patch
+- Add bnd-annotation dependency which is in bndlib package
+
+* Fri Jan 13 2023 Hui Wang <huwang@redhat.com> - 1:9.0.70-1
+- Update to 9.0.70
+
+* Thu Nov 03 2022 Hui Wang <huwang@redhat.com> - 1:9.0.68-1
+- Update to 9.0.68
+
+* Thu Jul 21 2022 Hui Wang <huwang@redhat.com> - 1:9.0.65-1
+- Update to 9.0.65
+
+* Tue Jun 21 2022 Hui Wang <huwang@redhat.com> - 1:9.0.64-1
+- Update to 9.0.64
+- Add osgi-annotations dependency back
+
+* Thu Mar 10 2022 Coty Sutherland <csutherl@redhat.com> - 1:9.0.59-3
+- Related: rhbz#2061424 Adjust fix so that it uses the proper env var
+
+* Tue Mar 08 2022 Coty Sutherland <csutherl@redhat.com> - 1:9.0.59-2
+- Resolves: rhbz#2061424 Add Java 9 start-up parameters to allow reflection
+
+* Wed Mar 02 2022 Sonia Xu <sonix@amazon.com> - 1:9.0.59-1
+- Update to 9.0.59
+- Resolves: rhbz#2047419 - CVE-2022-23181 tomcat: local privilege escalation vulnerability
+
 * Sat Feb 05 2022 Jiri Vanek <jvanek@redhat.com> - 1:9.0.56-3
 - Rebuilt for java-17-openjdk as system jdk
Author	SHA1	Message	Date
Hui Wang	b9cc5aadba	Update to 9.0.71	2023-01-29 21:31:26 +08:00
Hui Wang	ae19b423c2	Update to 9.0.70	2023-01-13 19:54:28 +08:00
Hui Wang	589d03a82a	Update to 9.0.68	2022-11-09 16:29:16 +08:00
Hui Wang	f1f37ef5a6	Update to 9.0.65	2022-07-22 17:46:33 +08:00
Hui Wang	1d58c14ce1	Update for 9.0.64	2022-06-21 21:17:53 +08:00
Coty Sutherland	7a159d65fa	Related: rhbz#2061424 Adjust fix so that it uses the proper env var	2022-03-10 15:47:05 -05:00
Coty Sutherland	b00d4b7107	Resolves: rhbz#2061424 Add Java 9 start-up parameters to allow reflection	2022-03-08 13:48:16 -08:00
Sonia Xu	d40b73f5f4	Update to 9.0.59 Fixes CVE-2022-23181	2022-03-03 20:02:04 -05:00